To clarify the 2010 Debit Pin Entry Device standard merchants are expected to comply with by July 2010, not all merchants will need to change their pinpads. If you deployed a POS PED by December 31, 2007 AND  it was on the 2004-2007 Visa PCI lab approved list, you have until December 31, 2014 to replace it.

If you do not meet that requirement, then you’ll need to replace your PED by July 1, 2010 with a unit that meets the new Triple Data Encryption Standard (TDES) standard. Look carefully. There are companies that will sell you units that do not comply with the new standard.

POS- Point Of Sale

PED - Pin Entry Device

POS PED- a device in a merchant location where the customer is present at the time of the transaction.

Pinpad - pin pad- another name for PED

Triple DES- Triple Data Encryption Standard

3DES - same as above

OVERVIEW OF THE 2010 PCI COMPLIANCE RULE FOR DEBIT PIN ENTRY DEVICES:

The new standard is to improve the security of customer debit cards. The technology has been widely implemented over a number of years in ATM’s and such, and merchant pinpads are the last piece to complete.

DEADLINES:

July 1, 2010 If your unit was deployed after 12/31/2007 and it does not have Triple DES encryption, then you need to replace it. Any unit deployed prior to 2004 needs to be replaced.

12/31/2014 If you deployed a POS PED by December 31, 2007 AND  it was on the 2004-2007 Visa PCI lab approved list, then you must replace with a PCI SSC POS PED by this date. 

When you deployed your PED is a matter of record with your current service provider. Where is a copy of the 2004-2007 Visa PCI lab approved list?  https://partnernetwork.visa.com/vpn/global/category.do?userRegion=1&categoryId=19&documentId=33

HOW DO I VERIFY IF I HAVE A PCI COMPLIANT PED?

The PCI Data Security Standards Council has an updated list for all merchant providers. List of PCI compliant PEDs

WHICH NEW PIN ENTRY DEVICE DO YOU RECOMMEND?

First, make sure the unit has Triple Data Encryption Standard (TDES) certification. Just because someone is selling it, doesn’t mean it’s TDES. The PED must be matched to your terminal and the merchant services provider.  You can’t just pick any unit and attach it. A hugely popular unit is the

First Data FD-10 debit pin pad

because First Data is one of the largest payment processors in the country. Many merchant providers utilize the First Data system, therefore can use the unit. Additionally, it works with many different desktop terminals.

If you need to upgrade, now is the time to look at your entire system. Do you need a PED or would you be better off with a signature capture terminal that has an integrated PED? You can get a wireless, desktop or, or even a device that connects to a host based system like CenPOS that provides incredible benefits for organizations processing $1 million per month and up.  Take a look at the Ingenico i6580, a top of the line unit.

ingenico i6580 i6550

In summary, I like units that have in integrated Debit PED over a separate device that attaches. Oh, and this is another area that you have to be very careful reading product description text. Some product technical descriptions say they accept debit cards but they are not referring to accepting pin debit transactions! As if merchants don’t have enough to get confused about.

All debit PED’s must be encrypted. This is done via a process called an injection. There are a limited number of facilities in the USA that can perform the injection. That means you should not wait until the last minute because a lot of other people will.

3D Merchant Services is an authorized reseller for current equipment ONLY for major brands including Verifone, Hypercom, and Ingenico. We also offer Nurit, Way and other brands. Because of our high volume, we have wholesale prices compared to others. We’re independent- you can use our credit card processing or not. We don’t give free equipment- you’ll get a better deal on your processing and your equipment if you keep the transactions separate. Equipment is never really free.

Related article:

Which Verifone pin entry devices are pci compliant?

To clear up the confusion on which Nurit 8000 wireless terminals are PCI compliant, you must look at the part number on the bottom of your machine. If the part number begins with 8010, it is not compliant. The only wireless part number that is compliant to include new 2010 pin entry device requirements begins with 8020.

Why does the manufacturer web site list only the 8000, when the current unit is the 8020 or 8020S? One can only guess. From a marketing standpoint, Nurit 8000 is synonymous with wireless credit card processing. Or maybe the web site is just out of date. I have no idea.

References: BOOKMARK this page BEFORE LEAVING
PCI PED security standards web site, which maintains a list of approved pin entry devices. Enter Nurit in the search bar.

Nurit 8000 official manufacturer web site info. The manufacturer site shows only “Nurit 8000″, including the brochure downloads. It does not specify whether it’s referring to an 8010, 8020 or any other unit. Verifone purchased Lipman, the original equipment manufacturer some years ago.

What are my choices if my unit is not PCI Compliant? If you want to stay in the Nurit family, check out the Nurit 8020 wireless terminal review and current sale price.

As merchants combat high interchange fees by increasing debit penetration, the debit networks are quietly increasing their fees at the same time. Interlink is the latest debit network to announce an increase.

For tier 4 merchants, the rate goes from 75 basis points and $.17 per transaction to 95 basis points and $.20, There is no cap on the percentage fee charged. That’s $.0095 times the transaction amount plus the per item fee. Compare this to the debit interchange cost of 1.03% and $.10 per transaction and it’s obvious the numbers are getting closer.

Merchants will need to weigh cost and risk to make decisions about pushing pin debit. With pin debit, all risk is removed from the merchant for chargebacks.

New rates are effective April 16, 2010.